Snoop-proof switch takes security to the max

The ServSwitch Black Box Secure KVM, a secure keyboard, video and mouse switch, doesn’t cut corners when it comes to safety and security. In fact, in many ways, the ServSwitch goes far beyond the required levels to keep government data secure, which is why we chose it as our August product of the month.

Secure KVM switches are a vital but sometimes overlooked part of network security. Yet there has been a need for them ever since people started to chain multiple machines to one keyboard, monitor and mouse. It’s a move that saves a lot of energy by eliminating extra peripherals, not to mention space.

But if the chained computers have different security levels, a KVM switch can be a problem, with data from one system jumping over and displaying it where it shouldn’t. A non-secure KVM can also offer a network port to those who know how to exploit such an opening.

Secure KVM switches can be the answer, and we’ve reviewed quite a few. But almost none of them pushed beyond the normal expected standards to the level shown by the ServSwitch.

The model that we reviewed was a four-port unit that connected two USB peripherals and up to four DVI monitor connections. We ran it through all of our standard secure switch testing.

Interestingly, the story of the ServSwitch’s security begins before it ever reaches a user. The ServSwitch is certified to Evaluation Assurance Level 4, where most KVMs are EAL 2. Both level two and level four assure users that the components have not been tampered with prior to assembly, but only EAL 4 controls the supply chain as well. Black Box officials told me that all units are kept inside locked cages until bought by a user. Access is controlled and any unit that comes out of the cage early can’t be sold.

The switch is also certified to TEMPEST USA NSTISSAM level 1, the highest standard to prevent eavesdropping or signal snooping as defined by NATO.

We tested the ServSwitch with four secure cables. Also sold by Black Box, they cost $15.95 each and are highly recommended to protect the video signal from the computer to the switch. When hooked up properly, we couldn’t even get a reading from the box or the cables using our oscilloscope.

Each of the four channels is protected with a one-way data diode. And each of the two USB ports will accept only a generic keyboard and a generic mouse. The port won’t work if you can’t plug in a flash drive or anything else. In fact, keyboards with USB hubs won’t work with the ServSwitch, which closes a potential security loophole. In addition, when switching from channel to channel, the keyboard and mouse are completely powered down before moving to the new input. That way any leftover data is eliminated and nothing can jump from an unsecured network to a classified one, not even a keystroke stuck inside the buffer.

Port snooping

We did everything we could to snoop a neighboring port from an empty one, but with 80-db channel-to-channel crosstalk separation, it wasn’t happening. Our snooping gear thought the other channel was dead, when it was actually quite active at the time.

The only way we could think to set up snooping gear on the ServSwitch was to crack it open. That is easier said than done. The box is protected by two different pressure seals in addition to tamper-evident stickers. Getting around the stickers is difficult, but could be done given enough time and the right solvents. Having duplicate stickers would help too. But opening the box without tripping either of the pressure seals proved impossible.

There is simply no way to open the lid without one of the two sensors tripping. And when they do, the box self-destructs. It becomes useless from that point on, not acting as a switch and not letting any device successfully connect to it ever again. That might seem a little drastic, but most people using a ServSwitch would rather lose the $491 (GSA price) unit than have their data stolen.

If the ServSwitch is working, you can be sure it’s not been tampered with. And if you’ve connected it to computers using the secure cables, you have what amounts to a closed system where data is only going to flow one direction, to those authorized to see it.